Once you have paid for your Digital Certificate Order, your order becomes Active within the system. However, you need to complete the Certificate Enrollment Process, before the certificate can be issued to you.
You need to successfully Enroll your Digital Certificate within 5 days, since the date this Order became Active. In the event that you do not complete your Enrollment process within this period your Digital Certificate Order will get automatically Cancelled and you would receive a refund.
Follow the instructions mentioned below to get your digital certificate issued:
Step 1. Generate a Private Key and Certificate Signature Request (CSR) from your web server
Before you can begin the process of obtaining a Certificate, you must generate a minimum of 1024-bit Private Key and CSR pair, off your web server.
A CSR is basically a Public Key that you generate on your server that validates the computer-specific information about your web server and Organization when you request a Certificate from thawte.
Digital ID's make use of a technology called Public Key Cryptography, which uses Public and Private Key files.
The Public Key, also known as a Certificate Signature Request (CSR), is the key that will be sent to thawte. The CSR that you generate must be signed by atleast a 1024-bit Private Key (thawte will not accept a lower encryption level CSR than 1024-bit).
The Private Key will remain on the server and should never be released into the public. thawte does not have access to your Private Key. It is generated locally on your server and is never transmitted to thawte. The integrity of your Digital ID depends on your private key being controlled exclusively by you.
A CSR cannot be generated without generating a Private Key file nor can the Private Key file be generated without generating a CSR file. In certain web server software platforms like Microsoft IIS, both are generated simultaneously through the Wizard on the web server.
Typically, you will be prompted to enter the following information about your Organization in order to generate the Private Key and CSR (Public Key) pair off the web server:
- Organization Name
- Organizational unit - This maybe either a Sole Proprietorship, Trading As, University Department, University Administration, Government Department, Doing Business As, University Faculty, Public (Listed) Company, Private (Unlisted) Company, Registered Non Profit Organization, Non-Government Organization, Interest Group, Registered Charity.
- Country Code
- State or Province
- Common Name - This is the name that distinguishes the Certificate best, and ties it to your Organization. Here you need to enter your exact host and domain name that you wish to secure. This may also be the root server or intranet name for your Organization.
a. if you wish to secure www.yourdomain.com, then you need to enter www.yourdomain.com as the Common Name. If you just enter yourdomain.com as the Common Name (without the host www), then the Certificate will only get issued to yourdomain.com. Similarly, if you need to secure pay.yourdomain.com, then you need to mention the Common Name as pay.yourdomain.com.
b. if you are buying a Wildcard Server Certificate for securing all sub-domains of your domain name yourdomain.com, then you need to enter the Common Name as *.yourdomain.com; otherwise you will get an error while submitting your CSR.
You need to get in touch with your Web Hosting provider and request them to generate a CSR for your business after supplying them the abovementioned information.
Step 2. Validate your Certificate Signature Request (CSR) at thawte
Prior to enrolling for a Digital Certificate, it is recommended that you confirm that nothing is amiss with the CSR that you have generated.
Click here to validate your CSR at thawte >>
Upon submission of a valid CSR, you would be able to view its details in the Certificate Contents area (at the bottom of this page). However, if your CSR is invalid, the Certificate Contents area would appear blank and you would be displayed an error (on the top of this page).
Step 3. Submit your Organization Details, Contact Details and Certificate Details to thawte
Before a Digital Certificate can be issued to you, we need to send a request to thawte with some information about yourself and your business. Follow the process mentioned below to request your Digital Certificate:
1. Login to your Control Panel and search for the domain name for which you have ordered a Digital Certificate. Click here to find instructions to do so >>
2. Upon clicking on the order, you need to click on the Enroll Certificate button.
3. Mention the following details and click on the Enroll button
A. Organization Details
- Organization Type - Select if your business is a Sole Proprietorship, Trading As, University Department, University Administration, Government Department, Doing Business As, University Faculty, Public (Listed) Company, Private (Unlisted) Company, Registered Non Profit Organization, Non-Government Organization, Interest Group or Registered Charity.
In case you are ordering a SSL123 certificate, then you will be also prompted to select your Authorizing Contact. This indicates to thawte whether they should contact you on your Corporate Contact details or your Technical Contact Details, to authenticate your domain name before issuing the Digital Certificate.
B. Contact Details
- Corporate Contact Details - Provide your complete contact details while giving special emphasis to the email address that you mention herein. You need to either
i. match the email address inserted, to one of the contact specified in your Domain Name's Whois details. Please ensure that this information is not kept hidden for anonymity purposes.
ii. match a pre-determined email with the domain name for which you are requesting the certificate. You need to either select - admin, administrator, hostmaster, info, SSLadmin, SSLadministrator, SSLwebmaster, sysadmin, webmaster from the drop down list.
- If you have selected to match the email address inserted, to one of the contact specified in your Domain Name's Whois details, then you have to ensure that the email address mentioned herein, matches either the Registrant Contact Email Address or the Administrative Contact Email Address.
- If Privacy Protection is enabled for the Domain Name, it needs to be disabled before submitting the Contact details to thawte.
Privacy Protection may be enabled again once the Certificate has been issued. Click here to read how to enable/disable Privacy Protection >>
- Until thawte verifies that both email addresses match, you would not be issued your Digital Certificate.
- Technical Contact Details - You may either choose to mention the same details as the one provided as the Corporate Contact by selecting the available check box or mention separate information.
thawte will contact either your Corporate Contact or your Technical Contact depending upon the settings you have selected above.
C. Certificate Details
- Software Type - Select the Web Server software on which your website/domain name is hosted.
- Certificate Maintenance Password - You may mention a password here that will be used to maintain your certificate with thawte.
- Certificate Signature Request - This is the CSR (Public Key) you have generated for the purpose of obtaining a Digital Certificate from thawte.
Step 4. Complete the thawte Authentication formalities
After you have enrolled for a Digital Certificate, thawte would contact your Corporate / Technical Contact and request you to provide them with some documentation:
- Proof of Organizational Name
- Proof of Right to Use Domain Name
- Proof of Organizational Telephone Number
Click here to know the documentation needed by thawte before issuing you your Digital Certificate >>
- The above mentioned process is to be followed in case you have ordered a SGC SuperCert, Web Server Certificate or a Wildcard Server Certificate.
In case you have ordered a SSL123 Certificate, thawte would try to automatically complete the authentication process. However, if they encounter any discrepancy, they may contact you to authenticate your request.
- If you do not complete your verification process soon, thawte may reject your Digital Certificate request and may send you an email informing you that your Digital Certificate has been "Bogused / Rejected."
However, should you subsequently complete the authentication formalities within 90 days of the Enrollment Date, thawte would issue you your Digital Certificate.
Once you have completed all these formalities, thawte will issue the certificate and email you a confirmation.
Step 5. Check the Status of your Digital Certificate and retrieve your Digital Certificate
Once you have completed the enrollment process, thawte would begin verifying the data you have submitted to them and once satisfied, issue you your Digital Certificate. You can continue checking the status of your Digital Certificate request from your Control Panel and retrieve the same from your Control Panel itself. Click here to check the status of your Digital Certificate and retrieve the same upon issue >>